How to run sudo command without a password on a Linux or Unix

I‘m a new Unix system user. How do I use sudo command without a password on a Linux or Unix-like systems? I log in as tom@my-cloud-server-ip and disabled root login for ssh. After login, I need to run some commands as root user. I am the only sysadmin using my server. How do I run or execute sudo command without a password for a user named Tom under Debian/Ubuntu/CentOS Linux cloud server?

sudo (“superuser do”) is nothing but a tool for Linux or Unix-like systems to run commands/programs as another user. Typically as a root user or another user. You can delegate common tasks such as reboot the server or restart the Apache or make a backup using sudo for unprivileged users.

By default, sudo needs that a user authenticates using a password before running a command. Some times you may need to run a command with root privileges, but you do not want to type a password using sudo command. This is useful for scripting or any other purpose. This can be achieved by editing /etc/sudoers file and setting up correct entries. [donotprint]

Tutorial details
Difficulty Easy (rss)
Root privileges Yes
Requirements sudo
Time 2m
[/donotprint]You need to consider any security consequence of allowing a sudo command execute without a password.

How to to run sudo command without a password:

  1. Backup your /etc/sudoers file by typing the following command:
    sudo cp /etc/sudoers /root/sudoers.bak
  2. Edit the /etc/sudoers file by typing the visudo command:
    sudo visudo
  3. Append/edit the line as follows in the /etc/sudoers file for user named ‘vivek’ to run ‘/bin/kill’ and ‘systemctl’ commands:
    vivek ALL = NOPASSWD: /bin/systemctl restart httpd.service, /bin/kill
  4. Save and exit the file.

How do I execute ALL sudo commands without password?

Type the following command as root user:
# visudo
Or
$ sudo visudo
Append the following entry to run ALL command without a password for a user named tom:

tom ALL=(ALL) NOPASSWD:ALL

Here is my sample config file:

Fig.01: How to execute sudo without password for tom user

Save and close the file. Now you can run any command as root user:
$ sudo /etc/init.d/nginx restart
$ sudo /sbin/reboot
$ sudo apt-get install htop
## get root shell ##
$ sudo -i

Please make sure only tom can login via ssh keys.

How do I test it?

Simply run /bin/kill to kill any process without a password:
[vivek@server ]$ sudo /bin/kill pid-here
OR
[vivek@server ]$ sudo /bin/systemctl restart httpd.service

For more info read man pages: visudo(8)

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
15 comments… add one
  • David Kaplan May 18, 2015 @ 6:33

    Breaking security via built-in priv escalation though… not sure it’s wins the convenience cost/benefit…

    • echo083 Jun 30, 2015 @ 1:18

      I agree. Nothing to add.

    • Scott Alexander Feb 6, 2016 @ 1:34

      Unfortunately the “standard” deployer for Rails, Capistrano, has a requirement that it never needs a password for anything. You have to set up everything to require keys so the deployer machine can connect to anything it deploys to, plus Git, without a password. Even though I’m logging on using a key in Ubuntu 14, Sudo is asking for a password and Capistrano keeps trying to enter a blank password.

  • GLaDER May 20, 2015 @ 19:23

    This seems like a very bad thing to learn beginners.

  • Gupi May 22, 2015 @ 8:14

    Next lesson would be the benefits of “rm -fr /” ?

    • GC May 11, 2017 @ 14:24

      You’d still need to add the –no-preserve-root tag.

  • oxffffffff May 26, 2015 @ 11:50

    sudo should be used with password I guess. My centos7 by default asks for password only once per a session. Wouldn’t it be enough?

    • vvz May 28, 2015 @ 16:38

      I would say this article has a sense.
      Let’s say you are working for nagios configuration and sometimes you need a script does some stuff with sudo rights and do not ask password (and do not require tty, which is not mentioned).
      It could be done as described in the article.

  • hemant Jun 16, 2015 @ 7:26

    Its required in such environment where Level 1 engineer needs to be given only service restart rights.

  • Raf Jun 17, 2015 @ 13:18

    I have another nice example for beginners: “crontab -r”

  • lance Aug 5, 2015 @ 4:35

    In my experience with Unix and Linux where this helps give the operations/developers the tools they need to get the job done. It is not the most secure solution, but it is viable .. especially if you want to script something for an “application” user.

  • n00b7 Apr 19, 2017 @ 10:50

    If you are logged in as an admin user, I guess you will just need sudo password once per session. Turning off the password check is not a good idea, at least you will think once before doing something horribly wrong.

  • Joe Apr 21, 2017 @ 9:11

    Okay, scrap this lesson and instead teach this:

    sudo echo "#!/bin/bash" > /usr/bin/bsudo
    sudo echo "sudo $@" >> /usr/bin/bsudo
    sudo echo "sudo -K" >> /usr/bin/bsudo
    sudo chmod 550 /usr/bin/bsudo
    sudo chgrp users /usr/bin/bsudo

    Now, use bsudo instead of sudo and just change back to sudo after you understand basic security.

  • Marcus Duarte Aug 12, 2020 @ 9:15

    One suggestion for the next article, enable sudo passwordless for a specific command instead of ALL.
    The syntax for accomplish that changes a bit.

  • Steve Oct 16, 2020 @ 16:41

    I came into this from the situation where I am logging into a non-priv user via ssh key exchange, so either there is no password for that account or at least I don’t know it, and that account needed admin rights on that machine. When I ran sudo it asked me for that password that I didn’t have. So is there a correct way to have a password used to validate sudo requests, but still not allow login with a password to the machine?

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.